Microsoft is reporting that a vulnerability in DirectShow, a framework for playing various media types, is being exploited in the wild in some versions of Windows.

The attacks are being perpetrated using malicious QuickTime media files in what Microsoft calls "limited, active attacks." The vulnerability can cause remote code execution in the context of the logged-in user.There is no patch for the vulnerability yet.

DirectShow versions 7, 8 and 9 in Windows 2000, Windows XP and Windows Server 2003 are vulnerable to the attack. Windows Vista, Windows Server 2008 and Windows 7 are not vulnerable. DirectShow was largely replaced in Vista by the Windows Media Foundation.